Currently you have to always pass basedn, server name and potentially env vars like LDAPTLS_CACERT to ldap tools to connect to IPA.
It would make life easier if instead we changed the tools' defaults in /etc/openldap/ldap.conf so that admins do not need to type them explicitly every time. It is especially important for LDAPTLS_CACERT as that is not a command option and the error reported if the CA cert is not available is quite obscure, and finding what env var to set is not easy.
Make it controlled by the command line parameter for ipa-client-install.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=782920
To test:
$ ldapsearch -x uid=admin
You should get the user back. Now check 389-ds access log, you should see:
- An incoming SSL connection
- The search base is set to the right suffix, e.g. dc=example,dc=com
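The access-log check from the test steps above, automated as an added example (not part of the ticket or of FreeIPA's code): it pairs each `uid=admin` search with its connection and reports whether the connection was encrypted and the search base matched the suffix. The log lines are constructed samples in the 389-ds access log layout, and the function and variable names are hypothetical.

```python
import re

# Constructed sample of 389-ds access log lines (not taken from the ticket).
SAMPLE_LOG = """\
[12/Mar/2012:10:15:01 -0400] conn=7 fd=64 slot=64 SSL connection from 192.0.2.10 to 192.0.2.1
[12/Mar/2012:10:15:01 -0400] conn=7 SSL 256-bit AES
[12/Mar/2012:10:15:01 -0400] conn=7 op=0 BIND dn="" method=128 version=3
[12/Mar/2012:10:15:01 -0400] conn=7 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[12/Mar/2012:10:15:01 -0400] conn=7 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=admin)" attrs=ALL
[12/Mar/2012:10:15:02 -0400] conn=8 fd=65 slot=65 connection from 192.0.2.11 to 192.0.2.1
[12/Mar/2012:10:15:02 -0400] conn=8 op=1 SRCH base="" scope=2 filter="(uid=admin)" attrs=ALL
"""

CONN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (SSL )?connection from (\S+)")
CIPHER_RE = re.compile(r"conn=(\d+) (?:SSL|TLS[\d.]*) \d+-bit")  # also seen after StartTLS
SRCH_RE = re.compile(r'conn=(\d+) op=\d+ SRCH base="([^"]*)".*filter="([^"]*)"')

def check_searches(log_text, expected_base, search_filter="(uid=admin)"):
    """Return one dict per matching search: conn, client, ssl, base, ok."""
    conns = {}    # conn id -> {"client": address, "ssl": bool}
    results = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            conns[m.group(1)] = {"client": m.group(3), "ssl": m.group(2) is not None}
            continue
        m = CIPHER_RE.search(line)
        if m and m.group(1) in conns:
            conns[m.group(1)]["ssl"] = True   # plaintext connection upgraded to TLS
            continue
        m = SRCH_RE.search(line)
        if m and m.group(3) == search_filter:
            c = conns.get(m.group(1), {"client": "unknown", "ssl": False})
            results.append({"conn": int(m.group(1)), "client": c["client"],
                            "ssl": c["ssl"], "base": m.group(2),
                            "ok": c["ssl"] and m.group(2).lower() == expected_base.lower()})
    return results

if __name__ == "__main__":
    for r in check_searches(SAMPLE_LOG, "dc=example,dc=com"):
        print("PASS" if r["ok"] else "FAIL", r)
```

On the sample, conn=7 passes and conn=8 fails: it is a plaintext connection with an empty search base, which is what a client without the ldap.conf defaults would produce.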
Moving to next month iteration.
master: 14975cd
ipa-2-2: ebdbad5
Metadata Update from @simo:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03